Hello everybody!
I'm trying to set up a Linux router at home for me and my 3 friends.
Basically I had some spare network cards around and that is why I have not
bought a switch or a router. Also all of us are rarely at home at the same time
so bandwidth will not be a problem. And I thought it would be fun to try to make
this work in linux. However, I've hit a dead end.
This is my problem:
- I have a spare computer running CentOS 5 (RHEL 5 clone) with 5 network cards
- we have an internet connection via a cable modem. The cable modem is linked at
eth4 to the above computer that will be set up as a router.
- all the computers in the house are linked to the same above computer to
eth0...eth3.
I did the following:
- I'm using dhclient to obtain an IP for eth4 via DHCP. The internet
connection works on this computer, I am able to navigate, etc. I had to spoof
the MAC address of eth4 since the MAC of one of the other computers was
registered at our ISP. (Yes, I could have exchanged the network cards, if it
hadn't been a laptop....)
- I used bridge-utils to configure a bridge composed of eth0...eth3
my rc.local:
#create bridge
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
....
brctl addif br0 eth3
ifconfig eth0 0.0.0.0
...
ifconfig eth3 0.0.0.0
ifconfig br0 192.168.0.1 netmask 255.255.255.0 up
#spoof MAC and get DHCP IP address on eth4
ifconfig eth4 down
ifconfig eth4 hw ether xx:xx:xx:xx:xx:xx
ifconfig eth4 up
dhclient eth4
#iptables
iptables -t nat -A POSTROUTING -o eth4 -j MASQUERADE
iptables -A INPUT -i eth4 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT
- the other computers also have IPs in the 192.168.0.xxx range with 192.168.0.1
set as gateway and DNS and are running Windows and linux.
My question is how do I masquerade all 4 computers linked to br0 and make them
connect to the internet using my cable modem connection on eth4?
I tried using iptables but could not obtain a result so far. IP forwarding is
enabled in /etc/sysctl.conf.
I'm thinking of refining the rules afterwards to have a true firewall, but
first I need a working NAT.....
Thanks a lot,
Sebastian
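
An added example, not part of the original post: a shell sketch that builds a NAT ruleset for the layout described above (br0 as the LAN bridge, eth4 as the uplink) and checks the two posted filter rules against it. The function names nat_ruleset and lint_rule are hypothetical; the checks assume that iptables refuses -o in the INPUT chain and that routed packets from a bridge are matched on the bridge device rather than on its member ports.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names are the post's:
# br0 = bridge over eth0..eth3 (LAN), eth4 = cable modem uplink (WAN).

# Print an iptables-restore ruleset that masquerades LAN traffic out of WAN.
# Apply as root with:  nat_ruleset br0 eth4 | iptables-restore
# (this replaces the current nat and filter tables).
nat_ruleset() {
    lan=$1; wan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Report problems in one iptables rule for a router whose LAN side is a bridge.
# $1 = rule text, $2 = bridge name, $3 = space-separated bridge ports
lint_rule() {
    rule=" $1 "; bridge=$2; ports=$3
    case "$rule" in
        *" -A INPUT "*" -o "*)
            echo "INPUT cannot take -o; replies to forwarded traffic go in FORWARD" ;;
    esac
    case "$rule" in
        *" -A FORWARD "*)
            for p in $ports; do
                case "$rule" in
                    *" -i $p "*|*" -o $p "*)
                        echo "$p is a port of $bridge; routed packets match -i/-o $bridge" ;;
                esac
            done ;;
    esac
}

# The two filter rules from the post, checked against its bridge layout.
lint_rule "iptables -A INPUT -i eth4 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT" br0 "eth0 eth1 eth2 eth3"
lint_rule "iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT" br0 "eth0 eth1 eth2 eth3"
```

The generated ruleset drops forwarded traffic by default but leaves INPUT at ACCEPT, so the firewall refinement mentioned in the post is still a separate step.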